RE: [ActiveDir] Install MS Outlook Express

You might be able to use sysocmgr.exe in a startup script. I've used this to install IIS but never tried it with OE. http://support.microsoft.com/?id=222444 -Original Message- From: [EMAIL PROTECTED] on behalf of Edwin Sent: Tue 20/07/2004 14:03 To:

[ActiveDir] Enterprise Admin members

I'm after a list of tasks that can only be performed by an Enterprise Administrator and not by a domain admin in the forest root. eg Authorise a DHCP server. In general terms, what does everyone do with their Enterprise Admin membership? I'm wondering if it should have any members at all on a

RE: [ActiveDir] User timeouts

This setting specifies the length of time before a computer will suspend an idle SMB session, it wont log your users off. For a less than glamerous, but effective, solution, check out Microsoft's winexit.scr screensaver. -Original Message- From: [EMAIL PROTECTED] on

RE: [ActiveDir] OT: Compaq Servers

RDP isn't free and you have to buy a license for every server under its management. -Original Message- From: [EMAIL PROTECTED] on behalf of Kitchens Arthur E Sent: Tue 08/06/2004 15:38 To: [EMAIL PROTECTED] Cc: Subject: RE: [ActiveDir]

RE: [ActiveDir] OT: Compaq Servers

Title: Message Never used the scripting toolkit but I have deployed many a Compaq server with their Rapid Deployment Pack which can build a new server in a few minutes with a couple of mouse clicks. http://h18004.www1.hp.com/products/servers/management/rdp.html -Original

RE: [ActiveDir] how many domain controllers ?

That's impossible to answer without a lot more information. How many users do you have, how many sites, what's the bandwidth between sites, do you have directory enabled applications, what's your budget etc. etc. The main question would be on the number of users and in very general terms a few

RE: [ActiveDir] Is it possible to Disable GC registration on a particular NIC?

There are a few steps that have to be followed to disable dynamic DNS registration on a DC, you will probably find it's not just invalid GC records that appear but invalid host entries as well since Netlogon will by default register all IP addresses with DNS. This kb shows you how to disable

RE: [ActiveDir] Is it possible to Disable GC registration on a pa rticular NIC?

That will prevent the DHCP client service registering the resords in DNS but as these servers are DC's you also need to prevent Netlogon from registering the records so that tick box wouldn't be enough. If any of the DC's are DNS servers there are even more hoops to jump through to completely

RE: [ActiveDir] AD Replication

This error will occur when you do not have a reverse lookup zone defined in DNS and does not necessarily indicate a DNS problem. In fact, usually it is a harmless error message. You should still be able to use nslookup to resolve records, give it a try. -Original Message- From: [EMAIL

RE: [ActiveDir] AD Replication

Have you ever removed a domain controller from Active Directory without going through the dcpromo process to bring it down to a member server first? If you have then the servers NTDS settings will still be around which could be a possible cause. Perhaps try a metadata cleanup as described here

RE: [ActiveDir] Managing accounts for 'outsiders'

I don't treat a 3rd party account in AD any differently from normal user accounts. They should be given the least privelege required to do their job, which will typically mean logon access is restricted to whatever server they are supporting. One personal annoyance is when admins set up generic

RE: [ActiveDir] Need to confirm a behavior in AD Sites as it pertains to authenti cation.

If the DC locator process used the site link costs it would actually make things easier, but it doesn't, it uses the DC's SRV record in DNS. Depending on your subnet that you have defined in Sites Services, the DC's record will be added into a site specific SRV record and also a domain wide

RE: [ActiveDir] OT: riddle me this

No, permissions are cumulative so when there is a conflict the most restrictive permission will apply. Remember that to even get to the NTFS permission you have to get past the share first. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent:

RE: [ActiveDir] Storage of AD passwords???

Either an LM hash or an NT hash can be used to store the passwords. NT hash is more secure. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: 29 April 2004 16:16 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Storage of AD passwords???

RE: [ActiveDir] Clustering

If the object here is to save money by not having an external array then Majority Node Set quorums will not really help as they require at least three nodes to be redundant so the money you save is spent on an extra server. MNS is pitched more at geographically separated nodes rather than a

RE: [ActiveDir] AD Sites and SYSVOL

Title: Message The DC locator process is the job of DNS. Your zone records will contain the site-wide and domain-wide list of Domain Controllers. When a client tries to contact a DC, it looks first of all at the site-wide list in DNS and tries to contact a DC in it's own site. If this fails

RE: [ActiveDir] AD screw up

You cannot change which domain in the forest is the forest root so you are stuck with that original design unless you want to start from scratch. Rather than making new domains for each remote office, you should keep them everything in the same domain and split them up with different AD Sites

RE: [ActiveDir] SUS 2.0 Beta

Title: RE: [ActiveDir] SUS 2.0 Beta http://www.microsoft.com/windowsserversystem/sus/wusbeta.mspx From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TuanSent: 15 April 2004 04:51To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] SUS 2.0 Beta Anyone can tell me where to download

RE: [ActiveDir] How to remove ADC from domain

You need to perform a metadata cleanup to remove a failed DC from Active Directory http://support.microsoft.com/?id=216498 -Original Message- From: [EMAIL PROTECTED] on behalf of Mike Celone Sent: Wed 14/04/2004 00:44 To: [EMAIL PROTECTED] Cc:

RE: [ActiveDir] Firewall

Have a look in c:\windows\pfirewall.log to see what traffic is being dropped by the firewall. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. LongSent: 13 April 2004 14:32To: [EMAIL PROTECTED]Subject: [ActiveDir] Firewall Do you all force your XP clients to

RE: [ActiveDir] Failed to open Group Policy

Title: Message Have a read of this and see if it helps. It basically says to check your sysvol folder for problems. http://support.microsoft.com/?id=253268 Another couple of options thrown up by a kb search are to check the account is not denied permissions on the GPO and to check your PDC

RE: [ActiveDir] Failed to open Group Policy

Title: Message Do you have a second DC in the domain by any chance? If you do you should check the other DC's in case they already have the correct sysvol structure. If they do you may have a replication problem that can be resolved without manually creating files. According to the kb, once

RE: [ActiveDir] Failed to open Group Policy

Title: Message It looks like you might be using the wrong base DN when using ldp, you seem to be using dc=ebttikarhq.com. The correct syntax should be dc=ebttikarhq,dc=com A reboot of the server is always worth doing. I have never carried out this procedure so don't know the precise steps.

RE: [ActiveDir] Failed to open Group Policy

Title: Message Hi Athif, I don't see the guid of the GPO in this ldp output. Follow these directions to obtain the guid for the Default Domain Policy. Then it is this guid you use to rebuild the sysvol structure. Open ldp, connect and bind to the server. Select Connection New to clear the